Privacy Policy
Last updated: March 2026 ยท Applies to Parola for iOS
Short version: The free offline mode of Parola collects no data whatsoever โ everything stays on your device. The paid cloud mode requires an account (Auth0) and sends lesson generation requests to our server. No personal data is sold or shared with third parties.
1. Who we are
Parola is developed and operated by Alberto Purpura, an independent developer. You can reach us at hello@parolalearning.com.
2. The two modes of the app
Parola operates in two distinct modes with very different data implications:
- Offline mode (Free) On-device only โ All AI generation runs locally on your iPhone using Apple's on-device FoundationModels framework. No data is transmitted to any server. No account is required.
- Cloud mode (Paid subscription) Requires network โ Lesson generation is handled by our cloud backend. This mode requires creating an account and transmitting lesson prompts to our server. See sections 4โ6 for details.
3. Offline mode โ data collected
When using the free offline mode:
- Nothing is collected. All lesson generation, vocabulary lookups, story creation, and quiz grading happen entirely on your device using Apple Intelligence.
- Your lessons, progress, and quiz history are stored locally on your device using SwiftData and are never transmitted anywhere.
- Apple may collect diagnostic data from your device independently, subject to Apple's own privacy policy.
4. Cloud mode โ data collected
When you subscribe and use cloud mode, the following data is processed:
Account & authentication (via Auth0)
- Your email address โ used to create and identify your account.
- An Auth0 user ID (a unique anonymous identifier like
auth0|abc123) โ used internally to enforce your daily lesson limit and link your session to your subscription.
- Authentication tokens (JWT) โ issued by Auth0 and sent with each API request to verify your identity. They expire and are not stored on our servers.
- Auth0 may log authentication events (login timestamps, IP addresses) for security purposes, subject to Auth0's privacy policy.
Lesson generation requests
- Your chosen topic, target language, native language, and difficulty level โ sent to our server to generate vocabulary, a story, and comprehension questions.
- Your quiz answers โ sent to our server for AI grading and feedback. These are short text responses to comprehension questions about generated stories.
- These requests are processed in real time and are not stored on our servers after the response is returned to your device.
Usage data
- The number of lessons generated per day is tracked server-side (keyed to your Auth0 user ID) to enforce the daily limit of 5 lessons. This counter resets each day.
5. What we do not collect
- We do not collect your name, phone number, or payment information. Subscriptions are handled entirely by Apple (App Store) โ we never see your card or billing details.
- We do not track your location.
- We do not use analytics SDKs, advertising SDKs, or tracking pixels.
- We do not build user profiles or use your data for advertising.
- We do not store the content of your generated lessons or quiz answers beyond the duration of the API call.
6. Third-party services
Cloud mode relies on the following third-party services, each with their own privacy policies:
- Auth0 (Okta) โ handles authentication and account management. Auth0 Privacy Policy
- OpenAI โ processes lesson generation prompts and quiz answer grading. Requests are made server-side; your Auth0 ID is never sent to OpenAI. OpenAI Privacy Policy
- Railway โ hosts our backend server. Server logs may include IP addresses for operational purposes. Railway Privacy Policy
- Apple App Store โ handles subscription billing and in-app purchases. Apple Privacy Policy
7. Data retention
- Your Auth0 account and associated user ID are retained for as long as you have an account. You may request deletion at any time (see section 9).
- The daily lesson counter (a number keyed to your user ID) is reset daily and not retained beyond operational need.
- No lesson content, story text, or quiz answers are retained after your API request completes.
8. Data security
All communication between the app and our server uses HTTPS/TLS encryption. Authentication is handled by Auth0, an industry-standard identity provider. We do not store passwords โ login is managed entirely by Auth0.
9. Your rights & data deletion
You can request deletion of your account and any associated data at any time by emailing hello@parolalearning.com. We will process your request within 30 days. Offline mode requires no account, so there is nothing to delete.
Depending on your jurisdiction, you may have additional rights under laws such as the GDPR (EU) or CCPA (California), including the right to access, correct, or port your data. Please contact us to exercise these rights.
10. Children's privacy
Parola is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.
12. Contact
Questions or concerns about this privacy policy? Contact us at hello@parolalearning.com.